IT Auditing and Security Controls Quiz

Evolving Internal Control Areas Impacting IT and IT Auditing

• A complete web audit consists of three primary components: the server operating system, web server, and web application.
• Web servers are common targets and are difficult to properly secure, often containing sensitive data.
• The complexity of web applications makes reviewing them challenging due to the numerous interacting components.
• It is important to verify that the web server is running on a dedicated system and not in conjunction with other critical applications.
• Administrators should discuss with the administrator the applications on the same host as the web server to understand the legitimate needs and scope of audit.
• It is crucial to ensure that the web server is fully patched and updated with the latest approved code.
• Policies and procedures for appropriate and timely updates need to be reviewed during the audit.
• It is important to verify that unnecessary services, modules, objects, and APIs are removed or disabled, and running services and modules should operate under the least privileged accounts.
• The audit should verify that unnecessary services are disabled and that running services operate under the least privileged accounts.